| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D39620
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@317537 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
| |
BugReporterVisitor
Differential Revision: https://reviews.llvm.org/D37935
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@316963 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
| |
Extend ExprInspection checker to make it possible to dump the issue hash of
arbitrary expressions. This change makes it possible to make issue hash related
tests more concise and also makes debugging issue hash related problems easier.
Differential Revision: https://reviews.llvm.org/D38844
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@316899 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
| |
non-static in headers
Also move these out of the llvm namespace & rely on ADL as is
appropriate for these op<< overloads.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@316794 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D38867
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@315655 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D38764
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@315488 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D30295
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@315462 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
| |
Patch by: Reka Nikolett Kovacs
Differential Revision: https://reviews.llvm.org/D35796
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@313973 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
1.Updated annotations for include/clang/StaticAnalyzer/Core/PathSensitive/Store.h, which belong to the old version of clang.
2.Delete annotations for CodeGenFunction::getEvaluationKind() in clang/lib/CodeGen/CodeGenFunction.h, which belong to the old version of clang.
Reviewers: bkramer, krasimir, klimek
Reviewed By: bkramer
Subscribers: MTC
Differential Revision: https://reviews.llvm.org/D36330
Contributed by @MTC!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@312790 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
This fixes failures seen in the reverse iteration builder:
http://lab.llvm.org:8011/builders/reverse-iteration/builds/26
Failing Tests (4):
Clang :: Analysis/MisusedMovedObject.cpp
Clang :: Analysis/keychainAPI.m
Clang :: Analysis/loop-unrolling.cpp
Clang :: Analysis/malloc.c
Reviewers: zaks.anna, bkramer, chandlerc, krememek, nikhgupt
Reviewed By: zaks.anna
Subscribers: dcoughlin, NoQ, cfe-commits
Differential Revision: https://reviews.llvm.org/D37400
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@312677 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The implementation is in AnalysisDeclContext.cpp and the class is called
AnalysisDeclContext.
Making those match up has numerous benefits, including:
- Easier jump from header to/from implementation.
- Easily identify filename from class.
Differential Revision: https://reviews.llvm.org/D37500
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@312671 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D37499
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@312670 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
each loop
This way the unrolling can be restricted for loops which will take at most a
given number of steps. It is defined as 128 in this patch and it seems to have
a good number for that purpose.
Differential Revision: https://reviews.llvm.org/D37181
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@311883 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
unroll specific loops
The LoopExit CFG information provides the opportunity to not mark the loops but
having a stack which tracks if a loop is unrolled or not. So in case of
simulating a loop we just add it and the information if it meets the
requirements to be unrolled to the top of the stack.
Differential Revision: https://reviews.llvm.org/D35684
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@311346 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds handling of the LoopExit CFGElements to the StaticAnalyzer.
This is reached by introducing a new ProgramPoint.
Tests will be added in a following commit.
Differential Revision: https://reviews.llvm.org/D35670
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@311344 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces a new CFG element CFGLoopExit that indicate when a loop
ends. It does not deal with returnStmts yet (left it as a TODO).
It hidden behind a new analyzer-config flag called cfg-loopexit (false by
default).
Test cases added.
The main purpose of this patch right know is to make loop unrolling and loop
widening easier and more efficient. However, this information can be useful for
future improvements in the StaticAnalyzer core too.
Differential Revision: https://reviews.llvm.org/D35668
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@311235 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
before the loop
Adding escape check for the counter variable of the loop.
It is achieved by jumping back on the ExplodedGraph to its declStmt.
Differential Revision: https://reviews.llvm.org/D35657
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@311234 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds support for cross-file diagnostic paths in html output. If the
diagnostic path is not cross-file, there is no change in the output.
Patch by Vlad Tsyrklevich!
Differential Revision: https://reviews.llvm.org/D30406
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@309968 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
| |
AnalysisManager, to unbreak modules build.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@309052 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This feature allows the analyzer to consider loops to completely unroll.
New requirements/rules (for unrolling) can be added easily via ASTMatchers.
Right now it is hidden behind a flag, the aim is to find the correct heuristic
and create a solution which results higher coverage % and more precise
analysis, thus can be enabled by default.
Right now the blocks which belong to an unrolled loop are marked by the
LoopVisitor which adds them to the ProgramState.
Then whenever we encounter a CFGBlock in the processCFGBlockEntrance which is
marked then we skip its investigating. That means, it won't be considered to
be visited more than the maximal bound for visiting since it won't be checked.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@309006 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a 'Generalized' object kind to the retain-count checker and suitable
generic diagnostic text for retain-count diagnostics involving those objects.
For now the object kind is introduced in summaries by 'annotate' attributes.
Once we have more experience with these annotations we will propose explicit
attributes.
Patch by Malhar Thakkar!
Differential Revision: https://reviews.llvm.org/D35613
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@308990 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
| |
bound option"
Revert r308561 and r308558.
Clang-ppc64be-linux seems to crash while running the test cases.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@308592 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
| |
Missing files added to rL308558.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@308561 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
requirements/rules (for unrolling) can be added easily via ASTMatchers.
The current implementation is hidden behind a flag.
Right now the blocks which belong to an unrolled loop are marked by the
LoopVisitor which adds them to the ProgramState. Then whenever we encounter a
CFGBlock in the processCFGBlockEntrance which is marked then we skip its
investigating. That means, it won't be considered to be visited more than the
maximal bound for visiting since it won't be checked.
Differential Revision: https://reviews.llvm.org/D34260
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@308558 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
| |
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@307886 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
| |
constraint types"
Assertion `Loc::isLocType(SSE->getLHS()->getType())' failed in Analysis/PR3991.m
This reverts commit e469ff2759275e67f9072b3d67fac90f647c0fe6.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@307853 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: Generate more IntSymExpr constraints, perform SVal simplification for IntSymExpr and SymbolCast constraints, and create fully symbolic SymExprs
Reviewers: zaks.anna, dcoughlin, NoQ, xazax.hun
Subscribers: mgorny, cfe-commits
Differential Revision: https://reviews.llvm.org/D28953
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@307833 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
This mimics the implementation for the implicit destructors. The
generation of this scope leaving elements is hidden behind
a flag to the CFGBuilder, thus it should not affect existing code.
Currently, I'm missing a test (it's implicitly tested by the clang-tidy
lifetime checker that I'm proposing).
I though about a test using debug.DumpCFG, but then I would
have to add an option to StaticAnalyzer/Core/AnalyzerOptions
to enable the scope leaving CFGElement,
which would only be useful to that particular test.
Any other ideas how I could make a test for this feature?
Reviewers: krememek, jordan_rose
Subscribers: cfe-commits
Differential Revision: http://reviews.llvm.org/D15031
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@307759 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a follow up for one of
the previous diffs https://reviews.llvm.org/D32328.
getTypeSize and with getIntWidth are not equivalent for bool
(see https://clang.llvm.org/doxygen/ASTContext_8cpp_source.html#l08444),
this causes a number of issues
(for instance, if APint X representing a bool is created
with the wrong bit width then X is not comparable against Min/Max
(because of the different bit width), that results in crashes
(triggered asserts) inside assume* methods),
for examples see the newly added test cases.
Test plan: make check-all
Differential revision: https://reviews.llvm.org/D35041
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@307604 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a new checker package. It contains checkers that highlight
well-documented implementation-defined behavior. Such checkers are only useful
to developers that intend to write portable code. Code that is only compiled for
a single platform should be allowed to rely on this platform's specific
documented behavior.
rdar://problem/30545046
Differential Revision: https://reviews.llvm.org/D34102
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@306396 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D31029
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@305669 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nullable-to-nonnull checks used to crash when the custom bug visitor was trying
to add its notes to autosynthesized accessors of Objective-C properties.
Now we avoid this, mostly automatically outside of checker control, by
moving the diagnostic to the parent stack frame where the accessor has been
called.
Differential revision: https://reviews.llvm.org/D32437
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@304710 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
| |
This should fix the leaks found by asan buildbot in r304162.
Also don't store a reference to the factory with every map value,
which is the only difference between ImmutableMap and ImmutableMapRef.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@304170 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The analyzer's taint analysis can now reason about structures or arrays
originating from taint sources in which only certain sections are tainted.
In particular, it also benefits modeling functions like read(), which may
read tainted data into a section of a structure, but RegionStore is incapable of
expressing the fact that the rest of the structure remains intact, even if we
try to model read() directly.
Patch by Vlad Tsyrklevich!
Differential revision: https://reviews.llvm.org/D28445
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@304162 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new checker currently contains the very core infrastructure for tracking
the state of iterator-type objects in the analyzer: relating iterators to
their containers, tracking symbolic begin and end iterator values for
containers, and solving simple equality-type constraints over iterators.
A single specific check over this infrastructure is capable of finding usage of
out-of-range iterators in some simple cases.
Patch by Ádám Balogh!
Differential revision: https://reviews.llvm.org/D32592
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@304160 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was written as "Memory Error" in most places and as "Memory error" in a few
other places, however it is the latter that is more consistent with
other categories (such as "Logic error").
rdar://problem/31718115
Differential Revision: https://reviews.llvm.org/D32702
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@302016 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We now check the type of the super-region pointer for most SubRegion classes
in compile time; some checks are run-time though.
This is an API-breaking change (we now require explicit casts to specific region
sub-classes), but in practice very few checkers are affected.
Differential Revision: https://reviews.llvm.org/D26838
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@300189 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up vtable anchors (remove anchors for regions that have regular
out-of-line virtual methods, add anchors for regions that don't have those).
Fix private/public methods (all constructors should now be private for leaf
classes, protected for abstract classes).
No functional change intended, only extra sanity checks and cleanups.
Differential Revision: https://reviews.llvm.org/D26837
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@300187 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SValBuilder tries to constant-fold symbols in the left-hand side of the symbolic
expression whenever it fails to evaluate the expression directly. However, it
only constant-folds them when they are atomic expressions, not when they are
complicated expressions themselves. This patch adds recursive constant-folding
to the left-hand side subexpression (there's a lack of symmetry because we're
trying to have symbols on the left and constants on the right). As an example,
we'd now be able to handle operations similar to "$x + 1 < $y", when $x is
constrained to a constant.
rdar://problem/31354676
Differential Revision: https://reviews.llvm.org/D31886
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@300178 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: Implement new Z3 constraint manager backend.
Reviewers: zaks.anna, dcoughlin, NoQ, xazax.hun
Subscribers: mgorny, cfe-commits
Differential Revision: https://reviews.llvm.org/D28952
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@299463 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
| |
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@299083 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjustments should be considered properly; we should copy the unadjusted object
over the whole temporary base region. If the unadjusted object is no longer
available in the Environment, invalidate the temporary base region, and then
copy the adjusted object into the adjusted sub-region of the temporary region.
This fixes a regression introduced by r288263, that caused various
false positives, due to copying only adjusted object into the adjusted region;
the rest of the base region therefore remained undefined.
Before r288263, the adjusted value was copied over the unadjusted region,
which is incorrect, but accidentally worked better due to how region store
disregards compound value bindings to non-base regions.
An additional test machinery is introduced to make sure that despite making
two binds, we only notify checkers once for both of them, without exposing
the partially copied objects.
This fix is a hack over a hack. The proper fix would be to model C++ temporaries
in the CFG, and after that dealing with adjustments would no longer be
necessary, and the values we need would no longer disappear from the
Environment.
rdar://problem/30658168
Differential Revision: https://reviews.llvm.org/D30534
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@298924 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The checker currently warns on copying, moving, or calling methods on an object
that was recently std::move'd from. It understands a set of "state reset"
methods that bring a moved-from object back to a well-specified state.
Patch by Peter Szecsi!
Differential Revision: https://reviews.llvm.org/D24246
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@298698 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
| |
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@298657 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
| |
A patch by Vlad Tsyrklevich!
Differential Revision: https://reviews.llvm.org/D28445
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@297326 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
| |
This patch makes the valist check more robust to the different AST variants on
different platforms and also fixes a FIXME.
Differential Revision: https://reviews.llvm.org/D30157
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@297153 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: SimpleConstraintManager is difficult to use, and makes assumptions about capabilities of the constraint manager. This patch refactors out those portions into a new RangedConstraintManager, and also fixes some issues with camel case, formatting, and confusing naming.
Reviewers: zaks.anna, dcoughlin
Subscribers: mgorny, xazax.hun, NoQ, rgov, cfe-commits
Differential Revision: https://reviews.llvm.org/D26061
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@296242 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
| |
During the review of D29567 it turned out the caching in CallDescription is not implemented properly. In case an identifier does not exist in a translation unit, repeated identifier lookups will be done which might have bad impact on the performance. This patch guarantees that the lookup is only executed once. Moreover this patch fixes a corner case when the identifier of CallDescription does not exist in the translation unit and the called function does not have an identifier (e.g.: overloaded operator in C++).
Differential Revision: https://reviews.llvm.org/D29884
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@295186 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds LocationContext to checkRegionChanges and removes
wantsRegionChangeUpdate as it was unused.
A patch by Krzysztof Wiśniewski!
Differential Revision: https://reviews.llvm.org/D27090
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@291869 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
|
|
|
|
|
|
|
| |
Patch by: Adam Balogh!
Differential Revision: https://reviews.llvm.org/D25660
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@291430 91177308-0d34-0410-b5e6-96231b3b80d8
|